3

According to this RedHat SSH password automation guide I'm following the Example 4: GPG one, and following the steps in that guide I create my pass_file using my own passphrase. Then, I got this:

gpg -d -q myappserver23.sshpasswd.gpg > pass_file && sshpass -fpass_file ssh [email protected]

Note the lack of a space between the -f option and pass_file according to sshpass man page When I run the command above, I'm asked for my passphrase, I type it correctly and then I'm asked for the server's password as if sshpass wasn't even used. In short, this works but I still got a password prompt...

I'm aware of the -q options certainly and I've added also -vvv to both sshpass and ssh and it seems this is related to shh and not to sshpass I believe. I'll just share here the debug messages I got after the ssh banner message

(...)
debug3: input_userauth_banner
----------------------------------------------------------------------------------------
Here goes ssh banner message
----------------------------------------------------------------------------------------

debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\myuser/.ssh/id_rsa RSA SHA256:7PAz6lsENYkfYGwFZWNf0OJ88Z9mFDMSBc+P9t+4H1k
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: C:\\Users\\myuser/.ssh/id_dsa
debug3: no such identity: C:\\Users\\myuser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: C:\\Users\\myuser/.ssh/id_ecdsa
debug3: no such identity: C:\\Users\\myuser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: C:\\Users\\myuser/.ssh/id_ed25519
debug3: no such identity: C:\\Users\\myuser/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: C:\\Users\\myuser/.ssh/id_xmss
debug3: no such identity: C:\\Users\\myuser/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:C:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
[email protected]'s password:

The last line of this output is the password prompt. Obviously, if I type my password here, I'll be able to login to the remote server but then, what's the point to use sshpass ? I'd like to be able to just login without having to type any password.

Please, don't advise the use of private keys, I know about the subject but its not applicable to my real world scenario. Any help will be appreciated.

Metafaniel
  • 186
  • 7
  • use keys, not passwords. any other answer is a wrong answer, just as a question refusing to consider using keys with ssh is a wrong question. keys are **always** appropriate to real world scenarios involving ssh. – cas Nov 17 '21 at 06:26
  • @cas Thanks but as I was saying, I know. Please consider helping answer the question as it was raised. – Metafaniel Nov 17 '21 at 18:24
  • 1
    IMO this is the crucial message: `failed to open file:C:/dev/tty`. I guess in Linux it would be `/dev/tty` and the method would succeed. Here in Windows (this is in Windows, right?) something goes wrong with emulation(?) of `/dev/tty`. Somehow `ssh` tries to open `C:/dev/tty` which does not lead to the tty `sshpass` tries to set up. This is my hypothesis, I may be wrong. Unfortunately the only fix I know is "don't use Windows". There may be another fix, good luck. Consider [edit]ing and *explicitly* stating you're using Windows, if this is indeed the case. – Kamil Maciorowski Nov 23 '21 at 09:48
  • @KamilMaciorowski You're right! I'm attempting this using Cygwin in Windows. I've edited the title and tags as suggested. There must be a way though... Thanks for your comment. – Metafaniel Nov 23 '21 at 16:14

2 Answers2

2

@KamilMaciorowski comment lend me into the right direction. According to this useful answer at ServerFault, Windows is taking its own OpenSSH implementation. To solve this, openssh has to be installed in Cygwin in order to use this one instead.

This solves the errors and now I can do this:

$ gpg -d -q myappserver23.sshpasswd.gpg > pass_file && sshpass -fpass_file ssh [email protected] > test.txt

$ cat test.txt
/home/myuser
uid=1001(myuser) gid=1001(mygroup) groups=1001(mygroup)

PD. This is not insecure because we're using gpg here. But if in doubt, try this.

Metafaniel
  • 186
  • 7
0

Why decrypt to a plain text file which is just left in the filesystem? Better to pipe the output directly:

gpg -d -q myappserver23.sshpasswd.gpg | sshpass -P pass ssh -i ~/.ssh/key.pem -ttR xxx.xxx.xxx.xxx

The -P pass option searches for e.g a "password..." or "passphrase" prompt to fill.

Greenonline
  • 1,759
  • 7
  • 16
  • 21
social
  • 239
  • 2
  • 6